> Can someone reach out to Jack/folks and tell them to fix their WWW site again?
>> Wow - someone doesn't like them.
>
Script kiddies don't discriminate. They'll just hack whatever known
exploits are available for whatever server. The problem with
pchdtv.com is this ... https://pchdtv.com/ ... they are running the
SSL port open on version 1.33.3 of apache... I bet they don't have all
the SSL patches up to date, because they aren't really using SSL all
that much.... Or the fact they are running PHP 4.2.2. That has some
known exploits as well.....
They also have their server horribly unsecured... it's running all
these open ports...
## nmap -sS pchdtv.com
Starting nmap 3.48 ( http://www.insecure.org/nmap/ ) at 2004-12-21 10:31 EST
Interesting ports on powell.slcinet.net (128.121.217.18):
(The 1635 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
23/tcp open telnet
25/tcp open smtp
79/tcp open finger
80/tcp open http
106/tcp open pop3pw
110/tcp open pop-3
119/tcp open nntp
139/tcp open netbios-ssn
143/tcp open imap
443/tcp open https
513/tcp open login
514/tcp open shell
587/tcp open submission
990/tcp open ftps
992/tcp open telnets
993/tcp open imaps
995/tcp open pop3s
2401/tcp open cvspserver
3306/tcp open mysql
5190/tcp open aol
MySQL is available for internet logins... I bet that's the same MySQL
they are storing credit card information in!!! They have "AIM" running
on the server for god sakes!!!! I can think of at least 7 starting
points to break into that box... and I bet 3 of them would have me
ending up as root or at least getting write access to the web space.
pchdtv guys... I love you and what you stand for. I will donate my
time to secure your server properly if you wish. If anyone has contact
info for "Jack" is it? Send him my offer and my contact information.
--
Anthony Vito
anthony.vito at gmail.com